The A9 Company (hereafter referred to as "The Company"), an SAS with a capital of 81,382 euros, is registered with the Registry of Trades and Companies of Paris under RCS Paris B 451 911 812. Its headquarters are located at 65 rue de Reuilly, 75012 Paris, France - email address: firstname.lastname@example.org. Its EEC VAT number is FR10451911812. The Company primarily provides online training services. The Company’s website publication manager is Benjamin Levy.
The Company places great importance upon the security of personal data and commits to ensure its protection under European and French standards relating to the processing of this data.
Explanatory comments in the right-hand column of this document have no binding legal value; they serve only to facilitate the overall comprehension of the document, re-written in simpler terms.
The Company reserves the right to amend this document at any time.
If applicable, the revision number and date located at the top of this document will identify the version.
Each update will be published on our Site. Any changes will take effect upon said publication.
By continuing to use the Site, the Services and/or Applications, or by accessing them after an update of our terms, you acknowledge and accept all of the modifications therein.
For translations, the reference document for interpretation shall be the original French, whose latest applicable version is available at the following address: https://www.gymglish.com/documents/privacy-policy-fr-latest.pdf
Subscription refers to placing the Service at a User’s disposal for a fixed price and duration and, where appropriate, a maximum number of Lessons completed by the User.
Activation refers to The start date of the Subscription.
Listings refers to the service offer(s) proposed directly by a Seller to other Users via the Marketplace.
Application or mobile Application refers to a program designed and/or produced by the Company that is downloadable and executable from the operating system of a smartphone or tablet.
Client refers to an adult and able person or company who either accepts the Listing of a Seller on the Marketplace or purchases a Subscription on his own account, or on behalf of one or more User(s).
Lesson refers to the content of the lesson, the content of the corrections and the content of any supplementary corrections tailored to each User.
Course refers to all of the Lessons completed by and tailored to each User.
Marketplace refers to a dedicated space on the Site allowing for Listings by Sellers to be posted and viewed by the Users.
Provision refers to service offered directly to the User by a Seller through a Listing on the Marketplace.
Product refers to 1) one of the service offers published by the Company, such as Gymglish, Frantastique or Rich Morning Show, or 2) training programs using Gymglish Studio technology operated by the Company but whose content is published by third parties.
Service refers to the delivery and correction of personalized Lessons, provided by the Company, as well as technical support to customers.
Site refers to the set of web pages managed by the Company, including gymglish.com, gymglish.fr, frantastique.com, frantastique.fr, richmorning.com.
Test refers to the testing of the Service, proposed free of charge to the User for a limited period of time.
”User” or ”You” or ”They” refers either to someone who has created an account on the Marketplace, or a person who uses the Service. Each User may subscribe to one or more Course.
Seller refers to an adult and able person or company who uses the Marketplace and posts Listings viewable by Users.
Supervisor refers to, if applicable, the individual(s) responsible for monitoring Users for whose account the Client has subscribed to the Service.
Supervisor Space refers to a space on the Site for Supervisors where they can invite Users, purchase Subscriptions, and supervise the training of Users.
The Company commits to keep its legal obligations in terms of respecting personal data in France, the country in which it has its headquarters, namely:
The French Information and Liberties Law No. 78-17 of January 6, 1978 as amended by the Law of August 6, 2004;
European Directive 95/46 of October 24, 1995, regarding the protection of personal data and privacy, transposed into French law by the Law of August 6, 2004;
The French Law for Confidence in the Digital Economy ("LCEN") No. 2004-575 of June 21, 2004 (Article L. 33-4.2 of the Post and Telecommunications Code and Article L. 121-20-5 of the Consumption Code) integrating into French law Directive 2000/31/CE of June 8, 2000 on Electronic Commerce and Directive 2002/58/CE of July 12, 2002 on the Protection of Personal Data and Privacy in Electronic Communications, amended by Directive 2009/136/CE of November 9, 2009.
The European GDPR (General Data Protection Regulation) rules
The processing of personal data implemented by the Company is subject to a declaration to the CNIL (declaration No. 1276610/0-A9) and the hosting of this data is in Europe.
We receive, retain and process information that the User or Client provides whenever they access our Services or use them, for instance, whenever:
they fill out a registration form for a Test;
they fill out a purchase form in the online store;
they use the Service;
they create an account on the Marketplace;
they communicate with the Company;
they sign their Lesson or send their photograph to confirm their identity in order to obtain a certified level assessment.
they authorize access by the Company to data of a third-party site (e.g. Facebook, Google or Yahoo Mail address list, etc.). In this case, the Company will obtain personal data disclosed by the third-party site, within the limits authorized by the User or Client and permitted by the settings defined on the third-party site.
Whenever the User or Client signs up for a Test, purchases the Service of the Company or creates an account on the Marketplace through a partner site (hereafter referred to as ”the Partner”) or through a commercial link, the Company shall retain the information concerning the contact’s origin.
The Company shall also receive, retain and process:
connection data, i.e. information that is automatically saved by our servers when accessing the Site or Service, such as the IP address, the date and time of accessing the Site or Service, the pages of the Site viewed and the order of these pages, etc.
data sent by software used to access the Site or service, such as the operating system, the browser version, the preferred user language or the geographic region (since the latter is generally accessible through smartphones, especially allowing us to send lessons to the User within the appropriate time zone.)
It is possible to configure your browser to refuse the placement of the Company’s Cookies; such a modification therefore may alter the functionality of the Company’s Site and Services. However, refusing the placement of Cookies from third-party companies should have no effect on the functionalities of the Company’s Site or Services.
You can disable Google Analytics
Third parties who could install cookies on the User computer when browsing the Site are listed in section 6.4.
The Company may authorize the use of third-party social plugins ("social plugins" refers, for example, to Facebook’s "like" button or Twitter’s "share" button, etc.). If a User or Client is connected to their third-party account, this third party may access information relating to the Company’s Services (for example, Users may share the score of one of their Lessons with their social network). The third-party personal data protection charter will provide more information about its practices in terms of data, especially about the data it collects and how it uses it.
Users or Clients may send their contacts, especially by sending an email or by copying a personalized link on social networks, an invitation to try out the Service. The person accepting the invitation shall then be considered as a member of the "Referred friends". The Company shall apply the same respect for personal data for Referred friends as that belonging to Users.
Opt-ins are agreements by Users or Clients prior to sending commercial communications (for example, to receive promotional emails) from the Company or from a third-party Partner. The Company commits to respecting opt-ins affecting it and allowing the activation or refusal of these communications in the "My Account" section of the Products.
Whenever the User or Client is signed up through a Partner, opt-ins affecting this Partner shall be managed, operated and updated by the Partner.
It is possible to configure notifications sent by the mobile Application in the settings section of the Application and/or in the device settings.
During or at the end of the Subscription, each User may receive a satisfaction survey.
The Company mainly uses personal data in order to be able to promote and offer its Services. The Company commits not to sell Users’ personal data. The Company also commits to never disclose personal data collected, namely email addresses and photographs if provided, except:
whenever personal data is required to operate the Service (for example, with the Company’s payment service providers when making a purchase);
whenever the User is not the Client, the Company may share with the Client certain personal data (for example, the participation rate and level) of the User(s) for the account on which they have subscribed to a Service; the Client may then share this information with third parties (for example, with the PRO Gymglish & Teacher offer, where teachers have access to educational data about the User); the Client may also refuse access to this data, if desired;
in certain cases provide by law, personal data may be sent to legally authorized third parties to access it upon specific request; especially, if such a measure is necessary by law to protect and/or defend the Company’s rights, to enforce this charter, and/or to protect the rights and/or interests of Users, Clients or those of the public;
whenever the User or Client signs up for a Test or purchases the Company’s Service through a partner site, the Company may share personal information (last name, first name, email address, opt-in, etc.) with this Partner, which shall only use this data under the opt-ins selected.
The Company shall ensure that these Partners strictly follow the Information and Freedoms Law mentioned above and shall commit to implement the appropriate measures of security and protection of confidentiality of the data sent to them.
When the User is not the Client, the Company can share with Clients and possible Supervisors the educational data related to the Service. When the Client is a higher education establishment or entity whose head office is in France or Canada, the sharing of educational data is authorized by default.
In other cases, the Supervisor must obtain authorization from the User in advance in order to access the educational data.
When Partners are also involved in training Users as part of the Service (typically a language school as part of "blended learning" hybrid training), the Company may share the educational data related to the Service with these Partners.
The Company informs its Users and Clients that processes listed below require personal data sharing. They are outsourced, only for the reasons indicated, to providers who are themselves GDPR compliant.
Data exchanges between the Company and its suppliers are cryptographically secured by https or TLS.
Adyen, Simon Carmiggeltstraat 6-50, 1011 DJ, Amsterdam, Netherlands: credit card payment service provider. https://www.adyen.com/policies-and-disclaimer/privacy-policy
Alipay (Europe) Limited S.A., 11-13 Boulevard de la Foire, L-1528 Luxembourg, Luxembourg: online payment provider. https://render.alipay.com/p/f/agreementpages/alipayglobalprivacypolicy.html
Amazon AWS Europe: cloud storage provider. https://aws.amazon.com/en/privacy/
Appannie, 52-56bis rue de la Victoire 75009 Paris, France: application usage tracking provider. https://www.appannie.com/en/legal/privacy/
Apple: Apple Pay payment service provider. https://www.apple.com/legal/privacy/
CIC SA, 6 avenue de Provence 75009 Paris, France: SEPA direct debit payment service provider. https://www.cmcicpaiement.fr/fr/aide/informations-legales/protection-donnees.html
Dropcontact, STATION F, 5, Parvis Alan Turing, 75013 Paris-France: business intelligence and prospecting provider. https://en.dropcontact.io/protectiondesdonnees
Exalog SAS, 97 rue de Bellevue, 92100 Boulogne Billancourt, France: SEPA direct debit payment service provider. http://www.exalog.com/en/gdpr-faq
Facebook: login provider (facebook login) and social media provider. https://www.facebook.com/about/privacy
Front App, Inc. 550 15th St. - San Francisco - CA 94103 - United States: technical provider for our customer support. https://frontapp.com/privacy-policy
Google: login provider (google login), google ads, google marketing platform (doubleclick.net) and Google Pay payment service provider. https://policies.google.com/privacy
Hootsuite, 33 rue La Fayette, 75009 Paris, France: social media management provider. https://hootsuite.com/en/legal/privacy
InnoCraft Ltd (NZBN 6106769), 150 Willis St, 6011 Wellington, New Zealand: collects analysis of data about visits to the Sites in order to identify and monitor misuse among other things. https://www.innocraft.com/privacy
LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland: provides data collection and analysis about visits to the sites (LinkedIn Insight Tag). https://www.linkedin.com/legal/privacy-policy
Mangopay SA, 10 boulevard Royal, L-2449 Luxembourg: payment service provider for marketplaces. https://www.mangopay.com/privacy
Micropayment GmbH, Scharnweberstrasse 69, D-12587 Berlin, Germany: SEPA direct debit payment service provider. https://www.micropayment.de/about/privacy/?lang=en
Mixmax, 512 2nd St, San Francisco, CA 94107, United States: direct mailing provider. https://mixmax.com/legal/privacy-policy
Online SAS, 8 rue de la ville l’Evêque - 75008 PARIS, France: backup database host of the Company. https://www.scaleway.com/en/pdf/Politique-de-confidentialite-Online-by-Scaleway.pdf
PayPal Europe, S.C.A., 22-24 Boulevard Royal L-2449, Luxembourg: Paypal payment service provider. https://www.paypal.com/uk/webapps/mpp/ua/privacy-full
Phantombuster, 22, rue Pierre et Marie Curie - 94200 Ivry-sur-Seine, France: business intelligence and prospecting provider. https://hub.phantombuster.com/page/terms-of-service
Pipedrive OÜ, Paldiski mnt 80, Tallinn, 10617, Estonia: customer relationship management provider. https://www.pipedrive.com/en/privacy
Rackspace Ltd, 5 Millington Road, Hyde Park Hayes, Middlesex, UB3 4AZ, Great Britain: database host of the Company. https://www.rackspace.com/information/legal/privacystatement
Vimeo, Inc., 555 West 18th Street, New York, New York 10011 United States : online video streaming. https://vimeo.com/privacy
Yesware, Inc., 75 Kneeland Street, 15th Floor, Boston, MA 02111, United States: business intelligence provider. https://www.yesware.com/privacy
Personal data is stored and retained for the duration necessary to complete the purposes for which they are collected, under applicable law. Thus, financial and educational data is retained indefinitely. This will allow the Service to be resumed after a possible interruption, even a long one. The Company also commits that:
All Cookies placed by the Company onto browsers are created for a timespan requested of less than thirteen months;
Login data serving mainly to identify any potential operating problems (e.g. history files of logging into the Company’s web servers) are deleted at the latest one year after being collected.
The law gives all Users, Clients and all Referred friends the right to access, correct, delete and revoke consent to processing of their personal data. Modifying personal data (last name, first name, country, email address) belonging to the User or Clients may be performed in the "My Account" section.
The Company does not have any dedicated DPO (Data Protection Officer) because it does not handle sensitive data. However, it is possible to access your personal data at any time, to modify it or delete it by writing to the following address: A9 SAS - Service des données personnelles, 65 rue de Reuilly -75012 Paris.
The data related to the Services of the Company are by nature not very portable. However, a synthetic view of the pedagogical data is available in the "My Account" section and can be downloaded as a set of web pages.
The Company is particularly careful about payment data security.
Payments are managed and secured by certified PCI DSS suppliers using SSL technology (Secure Socket Layer) for encrypting payment information during transactions over the network. This ensures the safety and confidentiality of payment information.
The Company never keeps the credit card information of its Clients.
The host of the Company is Rackspace Ltd., 5 Millington Road, Hyde Park Hayes, Middlesex, UB3 4AZ, Great Britain. The company Rackspace is certified ISO/ IEC 27001, ISO 14001, ISO 9001, SOC 1 (SSAE 18), SOC 2, SOC 3, PCI DSS Level 1 FedRAMP JAB P-ATO, NIST 800-53, FISMA, NIST 800-171 (DFARS), CJIS, ITAR, FIPS 140-2, HITRUST HIPAA, HITECH, Swiss-US Safe Harbor, CDSA, SAS 70 Type II, Privacy Shield and Safe Harbor: see https://www.rackspace.com/compliance. Rackspace can be reached by phone on +44 20 3131 6381.